apparmor: pull in variables from tunables/global
The variables that were defined at the top of the apparmor profile are best pulled in via the <tunables/global> include. Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
parent
0bcebe0347
commit
7c63627a7f
1 changed files with 1 additions and 6 deletions
|
@ -11,13 +11,8 @@ import (
|
||||||
const DefaultProfilePath = "/etc/apparmor.d/docker"
|
const DefaultProfilePath = "/etc/apparmor.d/docker"
|
||||||
const DefaultProfile = `
|
const DefaultProfile = `
|
||||||
# AppArmor profile from lxc for containers.
|
# AppArmor profile from lxc for containers.
|
||||||
@{HOME}=@{HOMEDIRS}/*/ /root/
|
|
||||||
@{HOMEDIRS}=/home/
|
|
||||||
#@{HOMEDIRS}+=
|
|
||||||
@{multiarch}=*-linux-gnu*
|
|
||||||
@{PROC}=/proc/
|
|
||||||
@{pid}=self
|
|
||||||
|
|
||||||
|
#include <tunables/global>
|
||||||
profile docker-default flags=(attach_disconnected,mediate_deleted) {
|
profile docker-default flags=(attach_disconnected,mediate_deleted) {
|
||||||
#include <abstractions/base>
|
#include <abstractions/base>
|
||||||
network,
|
network,
|
||||||
|
|
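Review bot: With the inline definitions of `@{HOME}`, `@{HOMEDIRS}`, `@{multiarch}`, `@{PROC}` and `@{pid}` removed from `DefaultProfile`, the generated profile only parses when the host ships `tunables/global`, and the values the container rules see are whatever that host file defines rather than values pinned by Docker. The code that writes and loads the profile is outside this hunk, so it is worth confirming that a parse failure is reported clearly instead of leaving containers without the `docker-default` profile. The removed block also set `@{pid}=self`, whereas distribution tunables commonly define `@{pid}` as a numeric pattern, so any rule later in the profile that uses `@{pid}` may now match differently; those rules are not visible here and should be checked. I would document the dependency with a comment above the include, e.g. `# @{PROC}, @{HOME}, @{multiarch}, @{pid} now come from the host's tunables/global; the profile fails to load if that file is absent`.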